Using a Filter to implement permission interception

1. Requirements

A user can reach the home page after logging in, and can no longer reach it after logging out.

2. Approach

  1. After the user logs in, store the user's data in the session.
  2. When the home page is requested, check whether the user is logged in (implemented in the filter):
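    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        // The login servlet stores a value under Constant.USER_SESSION on success.
        Object user_session = request.getSession().getAttribute(Constant.USER_SESSION);
        if (user_session == null) {
            // Not logged in: redirect and stop, so the protected page is never processed.
            response.sendRedirect("/error.jsp");
            return;
        }

        // Logged in: pass the request on to the next filter or the target resource.
        chain.doFilter(request, response);
    }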

3. Steps

  1. First, create a login page. Its form submits a request to /servlet/login:
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Title</title>
</head>
<body>
<form action="/servlet/login" method="post">
    <input type="text" name="username">
    <input type="submit">
</form>
</body>
</html>
  2. The class mapped to that address is LoginServlet, which extends HttpServlet. The code is as follows:
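// javax.servlet API assumed; on Servlet 5.0+ containers the package is jakarta.servlet.
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class LoginServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // Get the parameter sent by the front end
        String username = req.getParameter("username");
        // Literal-first comparison: a missing parameter is a failed login, not a NullPointerException
        if ("admin".equals(username)) {
            // Login succeeded
            req.getSession().setAttribute(Constant.USER_SESSION, req.getSession().getId());
            resp.sendRedirect("/sys/success.jsp");
        } else {
            // Login failed
            resp.sendRedirect("/error.jsp");
        }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        doGet(req, resp);
    }
}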
  3. Verification has two outcomes: on success the user is sent to the success.jsp page, on failure to the error.jsp page. The code for each page is:

success.jsp page:

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Title</title>
</head>
<body>
<h1>Home page</h1>

<p><a href="/servlet/logout">Log out</a></p>
</body>
</html>

error.jsp page:

<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>Title</title>
</head>
<body>
<h1>Error</h1>
<h3>No permission, or wrong password</h3>

<a href="/Login.jsp">Back to the login page</a>
</body>
</html>

  4. Next, add a filter that performs the permission check:
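// javax.servlet API assumed; on Servlet 5.0+ containers the package is jakarta.servlet.
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class SysFilter implements Filter {
    public void init(FilterConfig filterConfig) throws ServletException {
        // No initialization needed
    }

    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        Object user_session = request.getSession().getAttribute(Constant.USER_SESSION);
        if (user_session == null) {
            // Not logged in: redirect and stop, so the protected page is never processed.
            response.sendRedirect("/error.jsp");
            return;
        }

        // Logged in: continue to the requested resource.
        chain.doFilter(request, response);
    }

    public void destroy() {
        // Nothing to release
    }
}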

With this interception in place, a request that goes directly to the login success page without logging in is redirected to the error.jsp page.
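
A hardened variant of the filter, as an added example that is not the original post's code. It goes beyond the post: it does not create a session for anonymous requests, prefixes the context path on the redirect, and marks protected pages as non-cacheable so the Back button cannot redisplay the home page after logout. The class name HardenedSysFilter, the USER_SESSION value and the javax.servlet package are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example. Assumes the javax.servlet API (jakarta.servlet on Servlet 5.0+).
public class HardenedSysFilter implements Filter {

    // Assumption: stands in for the post's Constant.USER_SESSION, whose value is not shown.
    static final String USER_SESSION = "USER_SESSION";

    @Override
    public void init(FilterConfig filterConfig) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        // getSession(false) returns null instead of creating a session,
        // so anonymous requests do not allocate server-side state.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute(USER_SESSION) != null;

        if (!loggedIn) {
            // Prefix the context path so the redirect also works when the
            // application is not deployed at "/".
            response.sendRedirect(request.getContextPath() + "/error.jsp");
            return; // stop here: the protected resource must not run
        }

        // Keep protected pages out of browser and proxy caches, so a cached
        // copy of the home page is not shown after the user logs out.
        response.setHeader("Cache-Control", "no-store");
        response.setHeader("Pragma", "no-cache");
        response.setDateHeader("Expires", 0);

        chain.doFilter(request, response);
    }

    @Override
    public void destroy() { }
}
```

Map the filter only to the protected path (for example /sys/*, an assumed mapping, since the post does not show one); if the mapping also covers /error.jsp, anonymous requests redirect in a loop.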


Origin blog.csdn.net/weixin_46594796/article/details/109560396